Secure your email

Most users don't know how vulnerable their email service is, and how scary their government can be.
So you need to know how to make it impossible for other people or organizations to read your email, and even how to make yourself invisible to them.

If you

  • had nothing to hide

  • were using only QQ mail or didn't even know what email is

  • were a good citizen and not aware of the existence of the wall

  • were already using numerous hidden email services and PGP

then you should stop reading now

What you need

  1. Your own PGP keypair

  2. GPG and other free software you might need

  3. A secure mindset

Guide

Stop using [email protected], it's extremely unprofessional and I will not reply to any email sent from such an address

How does this work?

  • For most users, you just need to know:

    • Use the receiver's public key to encrypt emails sent to them

    • They will be able to decrypt the emails with their private key

    • And they can use your public key to encrypt emails sent back to you

    • How do they know what your key is? Well, put your key on one of the keyservers, like this one, and vice versa (see the part about importing public keys below)

  • For advanced users, read PGP on Wikipedia

Generate your keypair with GnuPG

1. If you are using Windows

2. If you are using *nix (Mac or Linux)

  • Use your package manager to install gpg; for example, on Debian-based distros you use apt-get install gpg

  • From a terminal window, type gpg --full-gen-key and you will see the following:

    [screenshot: gpg --gen-key]

  • Follow its instructions and choose 4096-bit RSA to ensure your encryption is strong enough

  • Then you should export both your public and private keys to use them elsewhere

    • gpg --export -a <key name or id> > pub.asc will export an ASCII-encoded public key to a text file called pub.asc, which you can publish on a keyserver

    • gpg --export-secret-keys -a <key name or id> > sec.asc will export your ASCII-encoded private key to a text file called sec.asc. You will need your passphrase to export a secret key. Never publish its content! Run chmod 600 sec.asc to make sure this file is readable only by you
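A pre-publish check for the two exported files, as an added example that is not part of the original guide. It assumes a POSIX shell with awk, od and a `base64 -d` that decodes (GNU coreutils style); the function names are hypothetical and the sample files are constructed stubs, not real keys.

```sh
#!/bin/sh
# Added example, not from the original guide: check what an exported .asc
# file really contains before publishing it, and check sec.asc permissions.

# Print the tag of the first OpenPGP packet in every armored block of $1.
# RFC 4880 tags: 5 = secret key, 6 = public key, 7 = secret subkey.
block_tags() {
  tr -d '\r' < "$1" | awk '
    /^-----BEGIN PGP /     { inblk = 1; body = 0; next }
    /^-----END PGP /       { inblk = 0; next }
    inblk && !body && /^$/ { body = 1; want = 1; next }  # blank line ends armor headers
    inblk && body && want  { print substr($0, 1, 4); want = 0 }' |
  while read -r quad; do
    # 4 base64 characters decode to the first 3 bytes; the first is the packet header
    b=$(printf '%s' "$quad" | base64 -d 2>/dev/null | od -An -tu1 -N1 | tr -d ' \n')
    [ -n "$b" ] && [ "$b" -ge 128 ] || { echo invalid; continue; }
    if [ $((b & 64)) -ne 0 ]; then echo $((b & 63))   # new-format header
    else echo $(( (b & 60) >> 2 )); fi                # old-format header
  done
}

# Succeed only if $1 has at least one block and every block starts with a
# public key packet, whatever the BEGIN line claims.
safe_to_publish() {
  tags=$(block_tags "$1")
  [ -n "$tags" ] || return 1
  for t in $tags; do [ "$t" = 6 ] || return 1; done
}

# Succeed only if group and others have no permission bits on $1 (e.g. mode 600).
private_perms() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed stubs (not real keys): only the leading bytes matter here.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'mQINBGNvbnN0cnVjdGVk' \
  '-----END PGP PUBLIC KEY BLOCK-----' > "$demo_dir/pub.asc"
( umask 077   # sec.asc is created as 0600 from the start, no chmod window
  printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '' 'lQdGBGNvbnN0cnVjdGVk' \
    '-----END PGP PRIVATE KEY BLOCK-----' > "$demo_dir/sec.asc" )
for f in pub.asc sec.asc; do
  if safe_to_publish "$demo_dir/$f"; then echo "$f: public key only"
  else echo "$f: DO NOT PUBLISH"; fi
done
private_perms "$demo_dir/sec.asc" && echo "sec.asc: owner-only" || echo "sec.asc: too open"
```

Running the secret-key export inside `( umask 077; ... )` gives sec.asc its restrictive mode at creation, so the file is never briefly readable by other users before chmod runs.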

Using a reliable email client and PGP plugin

  • Personally I use Thunderbird in Arch Linux, with the Enigmail plugin. Both are free software (the latter can be found in the former's add-on manager), and both are available cross-platform

  • Simply import your keypair into Enigmail

    [screenshot: impt_keypair]

  • Then import the public keys of the contacts who are going to receive your email

    [screenshot: impt_pub]

  • When sending encrypted emails

    [screenshot: enigmail]

  • Your contacts are able to decrypt your email with their private key (and so are you when you receive an email encrypted with your own public key)

Looking for more solutions?

  • On mobile platforms, Open KeyChain is available

  • Also, I recommend using Protonmail, which is located in Switzerland, uses heavy encryption, and provides features such as expiring email and email passwords

  • You can find hidden email services yourself, but DO ENCRYPT YOUR EMAIL no matter what email provider you choose